Regarding Active directory configuration
We have one PDC and one backup PDC and 272 ADC in our Organization .all server will communicate to PDC for replication as per the design. we are facing the the issue in replication domain dns zone and forest dns zone is not replicating getting 1722 error.
we have created separate site link for all site and we put pdc site and local site in the site link. what is the best practice for site link and cost and replication timing for 272 ADC from PDC.
HI Amy,
please find the attached replication report here domain partition is showing as never replicated and domain dns zone and forward DNS zone replication failed with 1722 error, please suggest on the same.
Destination DSA Site
Destination DSA
Naming Context
Source DSA Site
Source DSA
Transport Type
Number of Failures
Last Failure Time
Last Success Time
Last Failure Status
SDC
DSR-BLRSDC-DC01
DC=DSR,DC=IN
Puttur
PUT_R1
RPC
0
0
(never)
0
SDC
DSR-BLRSDC-DC01
CN=Configuration,DC=DSR,DC=IN
Puttur
PUT_R1
RPC
0
0
12/10/2014 14:02
0
SDC
DSR-BLRSDC-DC01
CN=Schema,CN=Configuration,DC=DSR,DC=IN
Puttur
PUT_R1
RPC
0
0
12/10/2014 14:15
0
SDC
DSR-BLRSDC-DC01
DC=DomainDnsZones,DC=DSR,DC=IN
Puttur
PUT_R1
RPC
110
12/10/2014 11:33
(never)
1256
SDC
DSR-BLRSDC-DC01
DC=ForestDnsZones,DC=DSR,DC=IN
Puttur
PUT_R1
RPC
110
12/10/2014 11:33
(never)
1256
Similar Messages
-
How to Uninstall SQL instance on active-passive SQL server , which failed during Cluster Setup (Error-Failed at Validate Active Directory Configuration)
active-passive SQL server cluster setup failed due to some steps missed in initial cluster setup,
now i have unistall sql instance from nodes,
Your help will higly appriciated.
Regards,
Anish
AsandeenHello,
Please refer to the following link about remove a node of SQL Server Failover Cluster Instance:
http://msdn.microsoft.com/en-us/library/ms191545.aspx#Remove
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support -
MS active Directory Configuration on SAP 4.7 and ECC6.0
Hello
Can anybody guide the steps required for MS Active Directory Configuration with SAP 4.7 on AIX and
and ECC 6.0 also on AIX 5.3.
Currently we are using many different applications on client landscape.
The requirement is for implementing the Single Sign On for all the applications
on the client landscape.Please check
/people/andre.fischer/blog/2008/06/04/windows-server-2008--active-directory-certified-for-the-bc-ldap-usr-directory-interface-for-user-management
In Case you also have EP then
/people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
Also check below for SSO
Note 121178 - NT: Installation note for SSO Single Sign On
Note 138498 - Single Sign-On Solutions -
Question about Active Directory Configuration
Hi All,
Portal Version : EP7.0 SP7
We want to configure Active directory as a Portal UME store.
We have 7 Domain controllers in the domain xyz.com. They are spread across locations. I assume, by default domain controller will have global catalog defined.
So in LDAP configuration, whether we to use Global Catalog (Port: 3268) to connect to ADS or LDAP connection(Port:389)?
I am not clear, when Global Catalog connection is defined to bind ADS to Portal UME?
Any suggestion?
Thanks & Regards,
GowriHi Gowri,
It will work fine if you connect through port 389.
Can you please explain it in detail that How you have spread your domain controllers / your forest hierarchy?
Check if this helps.
Thanks,
Mittal -
Active Directory not showing up in Shared Service Console
Hi,
I successfully installed EPM Version 11.1.1.1.0 in my PC, can able to access shared services through URL. But I have not seen Active Directory configured, i believe this will taken care automatically during software installation.
I was seeing AD last week, this monday I uninstalled and installed, this time missing AD showing up. I make use of NTLM directory.
Could you please suggest me how to add this AD in shared service console...Its kind of urgent ..please help.
Regards,
UBBut to my surprise, how come I am not able to see this now. I was seeing the AD last week and in fact, i did uninstalls and installs several times, did not face such kind of issues.
Could you please clarify how this has gone from the shared services.
Regards, UB -
Hello,
I'm writing to ask for a question regarding Active Directory Topology Configuration.
I have Site A, Site B and Site C:
Site A is directly connected to Site B;
Site B is directly connected to Site C;
Site A can reach Site C passing through Site A.
I have to define Site Link(s) under Active Directory Sites & Services.
Based on information above, which is best way to setup it ? As Best Practice it is recommended that a site link contain only two sites. That said is it recommended to create first two only or all of three Site Links below ?
Site Link Site A <=> Site B
Site Link Site B <=> Site C
Site Link Site A <=> Site C
Thank you.
Bye,
Luca
Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.Hi Luca,
Regarding the environment here, I think two site links are enough.
When creating site links, ensure that every site is included in a site link. In addition, ensure that all sites are connected to each other through other site links so that the changes can be replicated from domain controllers in any site to all other sites.
See here:
Creating a Site Link Design
http://technet.microsoft.com/en-us/library/cc732837(v=ws.10).aspx
More reference:
Designing the Site Topology for Windows Server 2008 AD DS
http://technet.microsoft.com/en-us/library/cc772013(v=WS.10).aspx
How Active Directory Replication Topology Works
http://technet.microsoft.com/en-us/library/cc755994(WS.10).aspx#w2k3tr_repto_how_uvgz
Hope this helps
Best regards
Michael
If you have any feedback on our support, please click
here.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Dear all,
We have an issue regarding active directory user registry. Our application wants to retrieve the user registry from active directory,
So after we type the domain name, username and password for the domain admin, the apps add a schema in the AD, usually we directly can get the respons from the active directory server.
Below is the log from the configuration
< 3/17/2013 - 8:26:43 PM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<
3/17/2013-8:27:03 PM: Configuring Access Manager Policy Server....
C:\PROGRA~2\Tivoli\POLICY~1\sbin\ivmgrd_setup.exe -y no -m "********" -
r 7135 -l 1460 -t 7200 -D no -f no
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
hostname
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
useEncryption
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
dnforpd
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
Multi-domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-id
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-pwd
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
C:\PROGRA~2\Tivoli\POLICY~1\sbin\mgrsslcfg.exe -config -f no -t 7200 -l
1460 -D no
Creating the SSL certificate. This might take several minutes.
The SSL configuration of the Tivoli Access Manager policy server
has completed successfully.
The policy server's signed SSL certificate is base-64 encoded and
saved in text file "C:\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64."
This file is required by the configuration program on each machine
in your secure domain.
C:\PROGRA~2\Tivoli\POLICY~1\sbin\bassslcfg.exe -config -f no -c "C:
\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64" -p 7135 -h TAMEB1
The SSL configuration of Access Control Runtime has completed
successfully.
Tivoli Access Manager policy server domain name: Default
Tivoli Access Manager policy server host name: TAMEB1
Tivoli Access Manager policy server listening port: 7135
2013-03-17-20:27:13.770-07:00I----- 0x16B48064 PID#2848 ERROR rgy ad E:
\build\am611\src\uraf\ad\schema\adschema_update.cpp 550 0x00000ad0
HPDRG0100E The operation in the Active Directory registry for
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed with return
error 8000500d.
adschema_update: result 1, retcode -2147463155
HPDBG0938E Configuration failed.
3/17/2013-8:29:13 PM: HPDBG0938E Configuration failed.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
> 3/17/2013 - 8:29:15 PM
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
Please your advice,
Thanks,
Best Regards,
AchmadHi you log states:
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed
with return
error 8000500d.
The error code is documented in
this kbTo go short i think the running user does not have the required privilegs to edit the AD schema. You need to be member of 'Schema Admins' in the forest root domain to edit the AD schema.
MCP/MCSA/MCTS/MCITP -
ISE - Active Directory - LDAPS
I think I understood the customer concern. This is quoted from Microsofthttp://support.microsoft.com/kb/321051
"The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology."
So the question now is how can we be sure the ISE communication is secure? ... I understand port 636 is used to transport LDAP-Secure ...
The ISE User Gude indicates that one of the ports required to be open in the case a firewall exists between ISE and ADE is 636 (LDAPS). -(ISE User Guide Page 5-6)
In my case there is no FW between ISE and AD, so how can I be sure LDAPS is being used?
ISE User Guide explais a little about security if the external identity source is an LDAP, but nothing about security is indicated in Active Directory configuration.
Regards.Hi,
The AD join operations allows you to run PEAP protocol and is much more resilient than using ldap because of the way it joins itself to the domain. It uses kerberos and rpc when performing user authentication.
When using ldaps that is configuration based on when you add the ldap instance.
Sent from Cisco Technical Support iPad App -
Weblogic 10.3.3 and Windows Active Directory connection error
Hi,
A i am trying to set up Windows AD LDAP realm.
But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
<Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
<Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
<Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy149.listUsers(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
... 117 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
... 120 more
>
could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
Thanks in advance!Hi ,
From the error stack trace I could find the below error.
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
Data 525, refers to user not found error that is used to bind to the Active Directory.
Make sure you have the correct credentials to connect to the Active Directory.
You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
A sample usage of LDAP Broswer is given below.
http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
You can download a sample version of softerra.
http://www.ldapbrowser.com/download.htm
You can also refer the below link for details about WebLogic and Active Directory configuration.
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
For more details about different LDAP Issues.
http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
Regards,
Anandraj
http://weblogic-wonders.com -
Automatically generated site connectors in Active Directory all default to the same site
Greetings,
I have a Single Forest/Single Domain configured with 17 sites. We are currently in 2003 native mode, but are upgrading to 2102R2. The schema has been upgraded and 3 site have been moved to 2012R2 domain controllers.
Each site has one domain controller, most are 2003 but the FSMO roles are on a Windows 2008R2 domain controller in Site1.
Our network is a mesh, but many site have different bandwidth speeds. In this case, Site3 has a 6mb connection to the network.
When I upgraded site3, I couldn't add the renamed replacement server to the domain. The demotion proceeded properly and the objects were removed from sites and services. I found I had problems with duplicate SPNs which were solved by removing the old and
new servers from AD. I still had problems with the new server and found that replication was now broken. We traced it down to to corrupt automatically generated site connectors that all still pointed to the now missing site3 domain controller. I was able to
setup manual replication connectors and then regenerate the automatic connectors, which now pointed to the (in my opinion) proper servers. I only have one manually created site connector to minor site that is not part of the mesh.
This behavior was noticed back in late 2012 when another replication problem occurred during maintenance and was fixed.
This morning I was working on Site4 when I noticed that all the automatically generated site connectors switched back to the new Site3 domain controller.
Can anyone help me determine why the system seems to prefer site3 as a hub. Is there some setting stuck or configured that would make site3 preferential? I want to avoid more down time if site3 has a problem.
Thanks
DerekHi Derek,
>>Can anyone help me determine why the system seems to prefer site3 as a hub. Is there some setting stuck or configured that would make site3 preferential?
This should be decided automatically by KCC. The Knowledge Consistency Checker (KCC), a process running on each domain controller, automatically identifies the most efficient replication topology for our network, based on information we provide
about our network in Active Directory Sites and Services.
The KCC runs at specified intervals to adjust the replication topology for changes that occur in Active Directory, such as when new domain controllers are added and new sites are created. The KCC reviews the replication status of existing connections to
determine if any connections are not working. If a connection is not working due to a failed domain controller, the KCC automatically builds temporary connections to other replication partners (if available) to ensure that replication occurs. If all the domain
controllers in a site are unavailable, the KCC automatically creates replication connections between domain controllers from another site.
Regarding Active Directory replication, the following articles can be referred to for more information.
Active Directory Replication Concepts
https://technet.microsoft.com/en-us/library/cc756899(v=ws.10).aspx
Managing replication
https://technet.microsoft.com/en-us/library/cc757117(v=ws.10).aspx
KCC and Topology Generation
https://technet.microsoft.com/en-us/library/cc961781.aspx
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Failed JNDI - Active Directory binding
Hello everyone,
First off, forgive me if I'm posting to the wrong place and please let me know where I should post.
I have a very simple Java application (more or less copied from the Sun tutorial on JNDI) and am trying to connect to a Win 2003 R2 domain controller with active directory configured and populated.
No matter what I try I get
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
I can bind using any of the standard win32 programs including ldp.exe. I can also bind and browse using Softerra LDAP Administrator without problems. I'm obviously missing something, but I can't see what. Please help.
There is no authentication info in the code because I'm hoping that's not needed as long as I'm logged into the windows machine I'm running this on.
Here's the code:
package printerfinder00;
import java.util.Hashtable;
import java.util.jar.Attributes;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
public class Main {
public static void main(String[] args) {
Hashtable env = new Hashtable();
String ldapURL = "ldap://dc01.hr.local:389/";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
try {
DirContext ctx = new InitialLdapContext(env, null);
SearchControls searchCtls = new SearchControls();
String returnedAtts[] = {"sn", "givenName", "mail"};
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "(&(objectClass=user)(mail=*))";
String searchBase = "RootDSE";
int totalResults = 0;
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
totalResults++;
System.out.println(">>>" + sr.getName());
Attributes attrs = (Attributes) sr.getAttributes();
if (attrs != null) {
try {
System.out.println(" surname: " + attrs.get("sn").get());
System.out.println(" firstname: " + attrs.get("givenName").get());
System.out.println(" mail: " + attrs.get("mail").get());
} catch (NullPointerException e) {
System.out.println("Errors listing attributes: " + e);
System.out.println("Total results: " + totalResults);
ctx.close();
} catch (NamingException e) {
System.err.println("Problem searching directory: " + e);
}I think the error message is quite descriptive !
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
Firstly you have not supplied any credentials or configured an authentication mechanism, hence you cannot perfom a search.
For simple authentication, it would be something of the form: String adminName = "FOOBAR\\administrator";
String adminPassword = "xxxxxxx";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);Secondly, your search base is incorrect (although you haven't got to the stage where this will generate an error)
BTW, The search base will be a distinguished name of the form:"dc=foobar,dc=com"If you are perfoming this from a Windows client, and want to utilise single sign-on, then you will want to refer to the post titled "JNDI, Active Directory and Authentication (Part 1) (Kerberos)" available at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
Good luck... -
Failed Cluster Validation Wizard - Active Directory
Hi All,
I have a problem creating a cluster that has just got me stumped.
I've created two other clusters at two other sites with exact same hardware and configuration. All worked fine at those location.
For this third location, the cluster build is not going so well.
I have 2 x Dell server for a 2 node cluster, and a Dell SAN. There are iSCSI HBAs and switches for iSCSI and a flat network for the LAN and Management on another switch. The heartbeat is connected via a directly connected cable.
The nodes are running 2012 R2 Core, with latest patches (April 2015).
Firewall is disabled by Group Policy, both on servers and Domain Controller.
The Domain Controller at this site is on the local LAN.
On each future cluster node, the LAN cards can ping the Domain Controller by name and address (using -S to verify the source address). On the DC it can also ping each LAN interface, again both by name and IP. Heartbeat NICs can similarly ping each other.
Using a Management Server on a remote subnet (Domain Account, local admin of all concerned servers, except the DC, and having read/write on the target OU), the Cluster Validation Wizard fails, on one node only.
I'm getting an error message on "System Configuration\Validate Active Directory Configuration" of:
Connectivity to a writable domain controller from node DEN1NTHV02.mycorp.net could not be determined because of this error: Could not get domain controller name from machine DEN1NTHV02.
Node(s) DEN1NTHV01.mycorp.net can reach a writable domain controller.
Node(s) DEN1NTHV02.mycorp.net cannot reach a writable domain controller. Please check connectivity of these nodes to the domain controllers.
The computer accounts are in the same OU, and both are enabled and have no (seeming) other problems.
So, (1) does anyone have any idea, or (2) where can I find the verbose output text of the failed test?Re-check your IP configuration. Ensure the only NICs with a gateway defined is the primary NIC that will be used for client access.
"a flat network for the LAN and Management on another switch. The heartbeat is connected via a directly connected cable."
Just FYI. Though a cross-over cable between the two nodes works for a two-node cluster, it is not recommended if there is even a chance of the cluster going beyond two nodes.
Secondly, from your above statement, it sounds like you have the other, non-iSCSI networks plugged into a single switch. That becomes a single point of failure.
. : | : . : | : . tim -
Active Directory Operation on Disater Recovery Drill
Hye everybody,
Need some advice from you guys, i'll have to be ready for the DR Drill in upcoming week, my concern is this scenario, if we have a PDC in HQ, DC (GC) some branchs, and also DC (GC) in DR site. So when we do the DR operation where we disconnect the network
line in HQ and we swing all system apps including AD. it also involve the branch network that will pointing to DR site.
The testing that we have to do in DR Drill is such user authnetication, join domain session, replication, GPO and also make sure all the test are success or we get scold.. 8)
So what is the best practice from microsoft site or old timer here on what i should do to make this AD operation at DR is succcesfully working like normal.
Hope i'llvhave some input from you guys, thanks..Hello,
for the branch office, make sure that you have at least one DC / DNS / GC server. When a disaster occur on the HQ then you have to change the IP configuration settings of the client computers in the Branch Office so that they will point to this DC as a primary
DNS server. Like that, all should be okay with domain authentication, group policy applicance ...
Now, for FSMO roles, if you don't resize them then you will get problems like
You are unable to perform changes on AD schema
Time Sync problems
If the HQ DCs are unrecoverable then I recommend proceeding by resizing FSMO roles on DCs of the Branch Office. If not, you can:
Wait until these DCs are back
Resize FSMO roles and when the DCs of HQ will be back then force their demotion using
dcpromo /forceremoval. Note that if resized, DCs of HQ should never be online before demotion
Also, after these changes, you have to make sure that there is at least two DC / DNS / GC servers in the branch office. If not, add a new one. Like that, you will reduce risks of losing your domain.
Before a disaster appear, you have to make sure that AD replication is made correctly.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator -
Snow Leopard and Windows 2003 Active Directory Binding Issues
Ok I have a new imac 27" with snow leopard (completely patched).
I am attempting to join it to an active directory domain.
First the prequel:
* I have opened full traffic to and from the machine and our domain controllers
* I have enabled full logging on the firewall and there are no blocked packets
* I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
* I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
* The domain admin account in question has Enterprise, Schema and Domain Admin rights
* I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
I am getting the following error at the very end of the process:
"Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
I enabled debugging on Directory Services and will post a log in a reply.
Anyone have any ideas? I have been banging my head on this for a week with no luck.Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here, if you think you need it let me know and I can email it to you it is 548kb
obviously machine names, usernames and ip addresses have been munged.
2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
Message was edited by: aelana -
Service principal names of user are not unique; check the active directory
Hello Experts,
My company had set up this service principal account to use with Kerberos and I am trying to configure the authentication template using SPNEGO wizzard. The format of the service account is not the same as SAP recommened (J2EE-SID-DOMAIN) but something like abc_de_portal. After trying to use that account with the wizzard I am getting this error "Service principal names of user abc_de_portal are not unique; check the active directory configuration." I am not sure what else in the AD attributes is causing the problem. Please let me know if you have ran into similar issue and how did you corrected. Points will be rewarded of course.
Thank you so much for any help that I can get.Hello Duy,
SPN of the service user for kerberos has to be unique as you would have made out from the message . There seems to be
someother user having the SPN as yours.
You would have to find the other AD user with the same SPN as yours and then de register that with
setspn u2013d <SPN> Username
Then this error should not come up after that .
There was a tool called Ldifde which you can use for this. We have our AD team do this for us. Would be better if you ask them to carry this out.
Rgds
Maybe you are looking for
-
When I'm in the middle of a web page, all of a sudden I get 4 or 5 new tabs open up with Mozilla offers and to get them to close is a battle. Ever since Mozilla updated my version to a newer Firefox which I HATE( and it didn't even ask me if I wanted
-
How to set Oracle username to a column .
Hi Everyone, i have a table with some columns for example: ROW_CREATED_BY,ROW_CHANGED_BY we have to set Oracle username in trigger i.e., i have a trigger create or replace TRIGGER "EMP_TRG" BEFORE INSERT OR UPDATE ON EMPLOYEE FOR EACH ROW BEGIN If in
-
Images from scan on flash drive. Can female- female USB adapter be used to input to ipad?
Can female- female USB adapter be used to input images from scans to ipad?
-
Merge to HDR Pro from Lightroom changing image resolution
Image resolution in PS from a RAW LR transfer is 300ppi but I notice today the final HDR image from a LR transfer of three files is 240ppi. My preference in PS is set to 300ppi and I don't find a way to set a HDR resolution preference. I want my fi
-
Packing materials used in packing proposal
Hey all, Is there a FM that i can use to obtain all the packing materials that have been used in a packing proposal or any ideas on how to get this data? You can access the packing proposal thru the transaction VA03 -> Extras -> Packing proposal -> T